[Samba] adam howto ? and is it safe to apply

Sérgio Basto sergio at serjux.com
Wed Jan 22 22:28:57 UTC 2020 

On Wed, 2020-01-22 at 16:12 -0500, Jonathon Reinhart wrote:
> Hi Sérgio,
> I renamed "adam" to "adman" upon request of another developer who was
> already using the name "adam" and wanted to use the package name on
> PyPI.
> 
> Here is the project URL:
> https://gitlab.com/JonathonReinhart/adman
> 
> Here is the PyPI URL:
> https://pypi.org/project/adman
> 
> I need to update the README, since you only need to run "pip3 install
> adman" now (no need to install from source).

On Centos 7.7 
    yum install gcc python3-devel openldap-devel    yum install
python3-setuptools python3-dns cyrus-sasl-gssapi
    wget 
https://gitlab.com/JonathonReinhart/adman/-/archive/v0.2.2/adman-v0.2.2.tar.gz
     tar xvf adman-v0.2.2.tar.gz    cd adman-v0.2.2
    python3 setup.py install
    cat /usr/local/lib/python3.6/site-packages/easy-install.pth 
./adman-0.2.2-py3.6.egg./PyYAML-5.3-py3.6-linux-
x86_64.egg./python_ldap-3.2.0-py3.6-linux-x86_64.egg./pyasn1_modules-
0.2.8-py3.6.egg./pyasn1-0.4.8-py3.6.egg
and is installed , downloaded PyYAML, python_ldap, pyasn1_modules and
pyasn1 I think it used pypi ...  
in  /etc/adman/config.yml , what is upn_suffixes section and
password_expiry_notification , users of this domain can not have emails
? How I disable emails notifications ? 
Thank you for your support much appreciated.
> Additional comments inline:
> 
> On Wed, Jan 22, 2020 at 2:19 PM Rowland penny via samba <
> samba at lists.samba.org> wrote:
> > On 22/01/2020 19:01, Sérgio Basto via samba wrote:
> > 
> > > Hi,
> > 
> > >
> > 
> > > I'd like apply adam in samba 4.10 production environment , the
> > 
> > > background came from [1] where I found we can't set security =
> > ads,
> > 
> > > backend = ad without adman (users without uidNumber and
> > gidNumber) .
> > 
> > 
> > 
> > This isn't a Samba product, I suggest you contact the author
> > directory.
> 
> If you have questions about Adman, please open an issue on the GitLab
> project page. Chances are other users will have the same questions.
>  
> > I fixed my problem with his gitlab page, my adblocker was blocking
> > parts 
> > 
> > of it ;-)
> 
> Rowland, I'm not sure what parts of the page your adblocker would
> have picked up on... I'm using just regular markdown, so it's
> GitLab's problem, not mine :-)
>  
> > > Is it safe to apply it ?
> > 
> > I do not know, I have never used it, but I can see no reason why
> > it 
> > 
> > wouldn't be.
> 
> As safe as any other open-source project, I imagine. I'm currently
> running it on a production domain without issues. Normal disclaimers
> apply.
>  
> > > Do we need apply this on PDC , or can be applied on a secondary
> > DC ?
> > 
> > 
> > 
> > You do not have a PDC, you just have a number of DCs, so you should
> > be 
> > 
> > able to install this on any of the DCs. In fact, provided the next 
> > 
> > uidNumber & gidNumber is stored in AD, you should be able to
> > install it 
> > 
> > on all DCs.
> 
>  It uses DNS to locate a domain controller:
> https://gitlab.com/JonathonReinhart/adman/blob/v0.2.2/adman/locate.py
> 
> So you don't need to run it directly on a DC; you can run it on any
> Linux box. But you can run it directly on a DC -- I am running it on
> my "DC1" with the PDC Emulator role. (This DC is also special in my
> setup due to the rsync sysvol replication).
> 
> I wouldn't recommend running multiple instances of it at the same
> time, since there could be a race condition between the two. There's
> not really a point. But to Rowlands point, the "next
> uidNumber/gidNumber" is stored in AD, so you could move it around as
> you wish.
> 
> Let me know if you have any problems or if you successfully deploy
> it!
> 
> Jonathon
-- 
Sérgio M. B.

More information about the samba mailing list